django-graphene auth decorator

graphql_auth.py

from decorator import decorator

def _check_auth(args, pred):
    _, _, context, _ = args
    if not pred(context):
        raise Exception("Unauthorized")


@decorator
def is_user(fn, *args, **kwargs):
    _check_auth(args, lambda context: not context.user.is_anonymous())
    return fn(*args, **kwargs)


@decorator
def is_staff(fn, *args, **kwargs):
    _check_auth(args, lambda context: context.user.is_staff)
    return fn(*args, **kwargs)

schema.py

from graphql_auth import is_staff
# etc

class CreateClientNote(graphene.relay.ClientIDMutation):

    class Input:
        client_id = graphene.ID(required=True)
        body = graphene.String(required=True)

    client_note = graphene.Field(ClientNote)

    @classmethod
    @is_staff
    def mutate_and_get_payload(cls, input, context, info):
        client = get_model(input.get('client_id'), context, info)
        model = models.ClientNote.objects.create(
            created_by_agent=context.agent, body=input.get('body'), client=client)
        return cls(client_note=model)